Computer systems are of vital importance in almost all organizations or enterprises, such as business organizations, governmental organizations, nonprofit organizations, etc.
Often, the computer system comprises a network of interconnected computers. A user logs on to a first computer but actually uses application services that are provided by further computers. Groups of users with similar responsibilities (within the organization) share application services, whereas other groups of users with other predefined responsibilities require other application services. To comply with these requirements, the system offers predefined combinations of application services in so-called roles. Multiple users access the same system in different, user-dependent roles. It is also possible that the same user uses different roles at different times. In other words, roles link people and application processes in a predefined relationship.
Usually, the application services belonging to the role appear to the user in the human interface (e.g., a graphical user interface) as graphical symbols such as icons on the screen. It is an advantage that roles limit the number of displayed services from all available services; roles thereby hide the complexity of the overall system landscape from the user. For example, the typical number of usually available different roles can be up to 1000, while a single user can have up to 5 roles.
The scenario in a typical role-based system usually involves the following steps:
    (a) the user logs on to the system by the first computer;
    (b) a program in the first computer determines the role of the user;
    (c) the computer identifies the application services by looking up in a service-to-role assignment table; and
    (d) with or without user interaction, the first computer sends service start signals to the further computers that are identified in the table.
Besides the large size of the assignment table, the above scenario is further challenged by changes on both ends, such as: (i) application services in the further processors are regularly updated, added or removed; and (ii) role definitions for single users also change from time to time. It is a serious technical problem that in both cases (i) and (ii), the service-to-role assignment tables for all users have to be updated as well.
Different assignment tables have to be stored for different installations of the system, and thus the amount of assignment data to be maintained becomes huge.
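The lookup in steps (b) to (d) and the maintenance burden of change (i) can be made concrete with a short sketch. This is an added example, not part of the original text; the table contents and all user, role, service and host names are constructed and hypothetical.

```python
# Added illustration; all data and names below are constructed assumptions.
USER_ROLES = {"alice": ["purchaser", "approver"], "bob": ["purchaser"]}
ROLE_SERVICES = {  # service-to-role assignment table
    "purchaser": ["create_order", "view_catalog"],
    "approver": ["approve_order", "legacy_report"],
}
SERVICE_HOSTS = {  # services currently offered by the further computers
    "create_order": "app1",
    "view_catalog": "app2",
    "approve_order": "app1",
}  # "legacy_report" was removed from its host but is still in the table


def resolve_services(user, user_roles, role_services, service_hosts):
    """Steps (b)-(d): return (start_signals, stale) for one user.

    start_signals: sorted (host, service) pairs to send.
    stale: sorted (role, service) table entries naming a service no host offers.
    Unknown users and unknown roles resolve to nothing (fail closed).
    """
    signals, stale = set(), set()
    for role in user_roles.get(user, []):            # step (b)
        for service in role_services.get(role, []):  # step (c)
            host = service_hosts.get(service)
            if host is None:
                stale.add((role, service))           # table out of date
            else:
                signals.add((host, service))         # step (d)
    return sorted(signals), sorted(stale)


def rows_touched_by_removal(service, role_services):
    """Change (i): roles whose table row must be edited when a service goes away."""
    return sorted(r for r, svcs in role_services.items() if service in svcs)


if __name__ == "__main__":
    print(resolve_services("alice", USER_ROLES, ROLE_SERVICES, SERVICE_HOSTS))
    print(rows_touched_by_removal("create_order", ROLE_SERVICES))
```

A stale entry is reported rather than turned into a start signal, so an out-of-date table never addresses a service that no further computer offers.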
Hence, the present invention seeks to provide a method, a computer program product and an apparatus for improved role management.